Icinga / icingaweb2-module-elasticsearch

This module will not be updated by Icinga anymore. Please don't attempt to use it.
GNU General Public License v2.0

Elasticsearch query with multiple fields (typo in documentation) #27

Closed saqibarfeen closed 5 years ago

saqibarfeen commented 6 years ago

Expected Behavior

Logstash with Syslog Filter

This Logstash example is based on the configuration examples of the Logstash documentation.

[Logstash]
instance = "Elasticsearch"
index = "logstash-*"
filter = "syslog_hostname={host.name}&type=syslog"
fields = "syslog_timestamp, syslog_program, syslog_message"

Current Behavior

Logstash with Syslog Filter

This Logstash example is based on the configuration examples of the Logstash documentation.

[Logstash]
instance = "Elasticsearch"
index = "logstash-*"
filter = "syslog_hostname={host.name} AND type=syslog"
fields = "syslog_timestamp, syslog_program, syslog_message"

Possible Solution

As shown above, the multi-field query should be written with "&" and not "AND" in Icinga.

Context

Your Environment

lippserd commented 6 years ago

Hi,

Thanks for the report. Yeah, the examples are outdated. We'll fix this asap.

Cheers, Eric